840f7516f719e849a5c9aa03ed3af3c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

840f7516f719e849a5c9aa03ed3af3c5_JaffaCakes118
Size

436KB
MD5

840f7516f719e849a5c9aa03ed3af3c5
SHA1

fd62f720b896ab0bcf4c5d75a38db61413ea85eb
SHA256

2443253bc9482e27ca3afd34d1d271963044e5ba1be9d7f91e6878fc8a13bdab
SHA512

acbf68aab5c57106a893b1ceb5ee9a10a62a13b2f4fdf66a7e772cebc336531e9d0558535b3831efce208a25125721fb840f1a2efae1477822c1aadba72a071a
SSDEEP

12288:eU3TheUBoDSBS/9mZ0kGmtCYjRtorddPg:F1eUCn/nZmtCYje

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
840f7516f719e849a5c9aa03ed3af3c5_JaffaCakes118

Files

840f7516f719e849a5c9aa03ed3af3c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

73f674e0eb744b1095705e7a2d764006

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

koohpro.zto

_v

psapi

GetModuleFileNameExW

kernel32

GetVersionExA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

GetMenuItemCount
MessageBoxA

gdi32

SaveDC

winspool.drv

DocumentPropertiesW

advapi32

RegQueryValueExW

shell32

SHAppBarMessage

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW

oleaut32

VariantInit

version

VerQueryValueW

Sections

.text
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73f674e0eb744b1095705e7a2d764006

Headers

File Characteristics

Imports

koohpro.zto

psapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

version

Sections

.text Size: - Virtual size: 320KB

.rdata Size: - Virtual size: 62KB

.data Size: - Virtual size: 25KB

.rsrc Size: 16KB - Virtual size: 32KB

.UPX0 Size: - Virtual size: 190KB

.UPX1 Size: 412KB - Virtual size: 409KB

.reloc Size: 4KB - Virtual size: 140B

.text
Size: - Virtual size: 320KB

.rdata
Size: - Virtual size: 62KB

.data
Size: - Virtual size: 25KB

.rsrc
Size: 16KB - Virtual size: 32KB

.UPX0
Size: - Virtual size: 190KB

.UPX1
Size: 412KB - Virtual size: 409KB

.reloc
Size: 4KB - Virtual size: 140B